Helping people with computers... one answer at a time.

The SSID identifies your wireless access point to any computers in range. Having a unique one is helpful, but hiding it is only marginally more secure.

I always hear “CHANGE THE SSID” on your home router. There are two parts to the SSID, correct? The network name and the network password to connect. I realize that the password needs to be changed from the default of admin or whatever, but are people still suggesting that the SSID network name be changed as well? I can see changing the network name to something other than “Linksys” so that you know that it's yours, but why does it matter if others can see this name? All that matters is changing the SSID password, correct?

Well, to begin with, a couple of concepts have gotten confused in your question.

There's no such thing as an "SSID password". The SSID is simply the identifier that a Wifi access point can broadcast to let you know that it exists.

The SSID can be changed, and there are good reasons to do so. Broadcasting the SSID can also be disabled, but whether that actually helps anything is debatable.

And finally, this isn't really a router thing because there are routers that have no wireless capabilities and thus, they have no SSID to worry about. This is really a wireless access point thing - whether that access point is a separate device or combined with a router in a single package.

That password thing

Even though it's completely unrelated to the SSID, let's first deal with the password issue.

As outlined in How do I secure my router?, there are actually two passwords that you need to concern yourself with:

  • The password used to gain administrative access to the router's configuration

  • The password used as part of WPA encryption used to secure your wireless connections

You should change the first one from its default. Otherwise, anyone with access to your network can reconfigure your router. I have heard of malware that can do exactly that if you leave the password unchanged.

You should add the second - WPA encryption - if you have not. Otherwise, anyone within range can possibly "listen in" on your wireless data.

But neither really have anything to do with SSID.

Change the SSID

You'll need to access your router's configuration to alter these settings. Exactly how you do that varies from router-to-router, so check your router's documentation for instructions.

My example uses a LinkSys WAP54G wireless access point, which is a device separate from my router.

In its configuration, I navigate to the Wireless tab, Basic Wireless Settings page:

Linksys WAP54G basic wireless settings

Everything that we want to look at is on this page in this access point.

The Network Name (SSID) usually defaults to something that is the same for every one of the access points or routers made by the same manufacturer. Typically, that's the manufacturer's name - LinkSys, in this case.

As you can see, I've changed that to something else:

Linksys access point wireless settings

I've named this access point "NOTENLAN-FR", something that clearly identifies this particular access point and the network to which I have it attached.

You can choose pretty much any name that you like. I've seen SSIDs called things like "Fluffy Bunny" or "Connect here for malware" - the later being a semi-facetious way of telling strangers not to try to connect. (With WPA enabled, they would not be able to anyway, unless they had the proper password.)

But as you've pointed out, it is good to set it to something unique, so that you don't accidentally connect to some other access point and questionable network with the same name as yours.

Broadcasting the SSID

There's a diversity of opinion on whether or not it's helpful to not broadcast your SSID.

As you can see above, mine is set to broadcast.

What does that mean? It means that it shows up in lists like this one:

Wireless SSIDs showing in Windows 7

The available networks there are those whose SSIDs are being broadcast by wireless access points in range.

If you disable the broadcast of the SSID, the wireless network does not appear here. You can still connect to it manually if you know the SSID (and WPA password, if appropriate), but it won't show up in these types of lists automatically.

Broadcasting the SSID and security

There's a misconception that not broadcasting the SSID makes your wireless network more secure.

That's actually only partly true.

If the SSID isn't being broadcast, your wireless network won't show in those "nearby networks" lists. It's a form of security by obscurity in that it keeps your neighbors or anyone else within range from connecting accidentally or otherwise.

However.

It's not really secure. Your network is still technically visible; the packets going to and from your access point can still be intercepted and interpreted. It's slightly more difficult, but still quite possible. Disabling the SSID broadcast doesn't really protect your network from someone who's knowledgeable and intent on connecting.

You still need that WPA password to do that.

So, disable the broadcast or not. Just realize what security you are and more importantly are not getting when you do so.

Article C5049 - January 21, 2012 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

14 Comments
John
January 24, 2012 8:17 AM

I had a customer who was getting redirected on Google searches. I was convinced it was the TDSS Rootkit but couldn't find it on his system. I eventually realized he was running his wireless router with the default user name and password and that it had been indeed been hacked during a previous malware infection. The customer had contacted me because he was convinced the first tech that cleaned his computer hadn't done a good job. The virus wasn't on his computer any more but had already changed his wireless router settings to redirect web searches. A simple fix: Reset router to factory settings and change default user name and password.

Louis Desjardins
January 24, 2012 8:22 AM

Between broadcasting the SSID or not I would choose not for one reason. If your SSID is out there people within range know you are probably around. If you turn your router off when you go away then it's possible, although admittedly unlikely, that the location of your empty house/apartment could be identified.

Bob B.
January 24, 2012 8:32 AM

I had the Google redirect malware on one of my machines. I kept removing it using some well documented steps I found in a Google search but eventually it would return. I ended up using Malwarebytes and Spybot Search and Destroy to remove it once again and then I replaced AVG anti-virus with Microsoft Security Essentials and the rat has never returned. Having such a great AV tool being given out by MS for free makes me wonder what they are up to by doing so, but I gotta say it is the best AV software I've ever used and the price is right.

Jeff Burns
January 24, 2012 8:39 AM

I always advise my (home based) customers to use an SSID that will not identify their home as the source. The biggest threat to privacy in a residential neighborhood is usually A NEIGHBOR. Why create an SSID that tells the viewer what house it comes from? So, no last names, no kids names, no house numbers . . . and yes, I also change the default admin settings, including the "linksys" user name. The goal is, give the nosey neighbor nothing of use.

Personally as long as the wireless is secured with WPA encryption I don't see much harm in broadcasting my SSID around the neighborhood (and it's obviously mine by name).
Leo
28-Jan-2012
Hira
January 24, 2012 8:48 AM

Not broadcasting the SSID helps in certain situations. I work in a place where we have two routers. One for the public, without security key and another one for the employees, secured wifi. We mask the SSID for the secured router, so that the public does not see it, and only the employees with SSID and password can connect.

John
January 24, 2012 9:34 AM

There are quite a few phones and other devices that show a list of all networks being broadcast or not. In addition, some laptops, media devices (cable, roku boxes, receivers) won't connect even manually to non-broadcasting SSID's even with the password. So not broadcasting your SSID is becoming a mute point and may just add a hassle in connecting a laptop or other device.

fitzi
January 24, 2012 11:57 AM

'ting is some companies use ssid to close sites eg there is a site about tourist holiday tickets in Britain aimed at overseas tourists but it is deliberately) kept inacessible to the United Kingdom. Tnhe reson for the concealment is that there is a huge difference between the prices for rail passes available overseas and those sold within the UK I have accessed it but only by using a friend's computer when abroad!

To be honest I don't see how an SSID applies to this scenario at all.
Leo
28-Jan-2012
Art Yaffe
January 24, 2012 1:03 PM

When your access point does not broadcast the SSID, it helps but...

When you turn on your laptop - the one that knows it's looking for a LAN named 'Kitty' and should preferentially connect to 'Kitty' if it's availabe, as soon as it wants to connect starts 'shouting' the equivalent of "Here, kitty kitty kitty?". It'll do that when you're at Starbucks, too, even though there's no "Kitty" around.

So malicious listeners-in will know the name of your home network even though it's not broadcasting its SSID.

That and other annoyances when the access point is more-or-less anonymous have convinced me that turning off 'broadcast SSID' is a waste of energy. WPA, or at the very least (and it IS the very least) WEP is mandatory.

WEP is pointless. If security is an issue at all, WPA is mandatory.
Leo
28-Jan-2012
Alex Dow
February 17, 2012 9:10 AM

This may sound incredible; but I have encountered one combined Router & Wireless Access Point, in which the SSID had been changed from-

the Default of basically the maker's Name & Type

to

the Full Street Address of where it was installed.

Whilst probably not affecting the WiFi Security, it certainly did give an indication of a significant computer installation, fortunately limited by the working range of the WiFi.

Steve Knapp
February 27, 2012 4:09 PM

I echo the comment made by Art Yaffe:

"When your access point does not broadcast the SSID, it helps but...

When you turn on your laptop - the one that knows it's looking for a LAN named 'Kitty' and should preferentially connect to 'Kitty' if it's availabe, as soon as it wants to connect starts 'shouting' the equivalent of "Here, kitty kitty kitty?". It'll do that when you're at Starbucks, too, even though there's no "Kitty" around.

So malicious listeners-in will know the name of your home network even though it's not broadcasting its SSID."

I hadn't thought of this FACT until recently. I have turned my SSID broadcast back on at home and UNchecked the "Connect even if the network is not broadcasting its name (SSID)" property in the "Manage Wireless Networks" Control Panel.

Richard Kaminski
March 5, 2012 7:22 AM

The other method of securing a wireless network that I use on top of the WPA password is that I have to manually add the MAC address for computers that can use my network. This is on a Linksys WAG160N modem router

Steve
March 5, 2012 8:03 AM

Why do we think James Bond is going to drive his Masserati to our driveway and start his high tech hacking? Won't even he look for a visible SSID and use it instead? The whole contention that not broadcasting the SSID seems stupid to me.

Really protecting your home network should consist of three layers, none of them including WEP or WPA, which are also stupid placebos.

1. Turn off SSID broadcast. If they don't know you're there, they won't even try to log on. Your neighbor broadcasts his and they won't even think to ignore that and look for hidden ones. Who are we fooling anyway?

2. Engage your MAC address whitelist, STUPID!!! Tell your router which computers belong on your network. The others have to buzz off. The list isn't accessible because you've changed the name of your SSID and have a secure administrative password for the router. Yes, it's possible to use brute force to get in. No it won't happen anytime soon.

3. Now initiate and use your router's logging capability to log entries to your network. You can check it once in awhile just to make sure nobody you don't authorize gets in. They won't. This is just to make you feel good and prove my point.

In order not to be eaten by the bear, you don't have to be the fastest runner, just the second slowest.

Steve
March 5, 2012 8:11 AM

Darn, I wish this primitive site let you edit posts. For my post above it should say "The whole contention that not broadcasting the SSID does not enhance security seems stupid to me."

Later, where it mentions changing the SSID and administrative password of the router, it should be logon name, of course.

iRACKERS
January 9, 2013 4:30 PM

@Steve
please tell me where you live. I am very interested in using your 'secure' wireless network for free internet.

Also @ Mark J
While WPA provides better security than WEP, this security protocol was only put in place while WPA2 was being developed. WPA will maybe add an extra 3 minutes defence at best.
Still very easy for someone to bypass with the correct know how.
And since your comment was posted 6 years after the release of WPA2 I'm hoping you have adopted that method of securing your network as it provides much higher security... but still crackable

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.